<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>iRedAdmin-Pro: Default password restrictions</title>
        <link rel="stylesheet" type="text/css" href="./css/markdown.css" />
    </head>
    <body>

    <div id="navigation">
    <a href="https://www.iredmail.org" target="_blank">
        <img alt="iRedMail web site"
             src="./images/logo-iredmail.png"
             style="vertical-align: middle; height: 30px;"
             />&nbsp;
        <span>iRedMail</span>
    </a>
    &nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="iredadmin-pro-default-password-restrictions">iRedAdmin-Pro: Default password restrictions</h1>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Restarting Apache or uwsgi (if you're running Nginx) service is required
after updated iRedAdmin config file.</p>
</div>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>The weakest part of a mail server is user's weak password. Email spammers
don't want to hack your server, they just want to send spam from your
server. Please ALWAYS ALWAYS ALWAYS force users to use strong password.</p>
</div>
<h2 id="password-length">Password length</h2>
<p>You can define required password length in iRedAdmin config file, parameters:</p>
<pre><code># 0 means unlimited, but at least 1 character is required.
min_passwd_length = 8
max_passwd_length = 0
</code></pre>
<p>It's also supported to set a per-domain password length in domain profile page.</p>
<h2 id="password-policy">Password policy</h2>
<p>iRedAdmin-Pro has some default password restrictions, you can find default
settings in file <code>libs/default_settings.py</code> under iRedAdmin-Pro directory.
If you want to change them, please copy the parameters to iRedAdmin-Pro config
file <code>settings.py</code> then update their values. Restarting Apache or uwsgi (if
you're running Nginx) service is required after modified <code>settings.py</code>.</p>
<pre><code># default password restriction setting in file: libs/default_settings.py

# Special characters which can be used in password.
PASSWORD_SPECIAL_CHARACTERS = &quot;&quot;&quot;#$%&amp;'&quot;*+-,.:;!&lt;=&gt;?@[]/\(){}^_`~&quot;&quot;&quot;

# Must contain at least one letter, one uppercase letter, one number, one special character
PASSWORD_HAS_LETTER = True
PASSWORD_HAS_UPPERCASE = True
PASSWORD_HAS_NUMBER = True
PASSWORD_HAS_SPECIAL_CHAR = True
</code></pre>
<p>For example, if you don't want to enforce upper case in password, set below
parameter in iRedAdmin-Pro config file <code>settings.py</code>:</p>
<pre><code>PASSWORD_HAS_UPPERCASE = False
</code></pre><div class="footer">
    <p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>